
Malware Detection through Memory Forensics and Windows Event Log Analysis
As society's reliance on computer systems grows, so does cybercrime. Malware is increasingly used by criminals to attack and compromise systems, steal sensitive information and, more critically, extort ransom from the users of infected machines. Existing antivirus solutions often fail to detect, or to alert users to, attacks carried out by newly developed or evolving malware strains, which calls for a more robust and proactive detection strategy. This paper presents a hybrid approach to malware detection that combines the identification of suspicious code executing in main memory with the analysis of malware-related events in Windows Event Logs. Experiments were conducted by applying a code injection technique on Windows 7 and Windows 10 systems; the resulting memory images and Event Logs were then analyzed to validate the proposed approach. Training and testing were performed on both a code-based and an event-based dataset to evaluate detection accuracy: for suspicious code, the Canadian Institute for Cybersecurity malware memory dataset (CIC-MalMem-2022) [31]; for event-based analysis, the EVTX-ATTACK-SAMPLES collection [24] and the Windows Event Log dataset [15]. With a Random Forest (RF) classifier, the approach achieves a detection accuracy of 99% on suspicious code and 95% on Event Log data.
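The two signals the abstract combines are worth seeing side by side in code. The following is an added example, not code from the paper or from the datasets it cites: it derives a malfind-style count of injected regions from constructed memory-region records, counts injection- and ransomware-related Windows events from constructed Event XML records, and merges both into one feature vector. The feature names (e.g. "malfind.ninjections") are chosen to resemble the malfind-derived columns of CIC-MalMem-2022 rather than copied from it, the watched event IDs (Sysmon 8 and 10, Security 4688 and 1102, System 7045, PowerShell 4104) are well-known indicators rather than the paper's feature set, and a transparent weighted rule stands in for the paper's Random Forest so the script runs without scikit-learn.

```python
"""Added example, not code from the paper: build the two feature families its
hybrid approach relies on (suspicious code in memory, malware-related Windows
events) from constructed inputs, and combine them into one verdict.

Assumptions (mine, not the paper's): region records mimic a Volatility VAD/malfind
listing; feature names only resemble CIC-MalMem-2022 columns; event records use the
standard Windows Event XML schema; the rule weights are illustrative placeholders
for the trained Random Forest.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional
import xml.etree.ElementTree as ET

EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# (channel, event id) -> feature name. Keyed by channel because numeric IDs
# collide across channels (Sysmon 8 is CreateRemoteThread, Security 8 is not).
WATCHED_EVENTS = {
    ("Microsoft-Windows-Sysmon/Operational", 8): "sysmon_create_remote_thread",
    ("Microsoft-Windows-Sysmon/Operational", 10): "sysmon_process_access",
    ("Security", 4688): "process_created",
    ("Security", 1102): "audit_log_cleared",
    ("System", 7045): "service_installed",
    ("Microsoft-Windows-PowerShell/Operational", 4104): "ps_script_block",
}


@dataclass
class Region:
    """One committed memory region of a process, as a VAD walk would list it."""
    pid: int
    process: str
    start: int
    protection: str             # e.g. "PAGE_EXECUTE_READWRITE"
    private: bool               # anonymous/private memory rather than a shared mapping
    mapped_file: Optional[str]  # backing image path, None if not file-backed
    head: bytes                 # first bytes of the region


def is_suspicious_region(r: Region) -> bool:
    """malfind-style heuristic: private, not file-backed, executable and writable.
    Legitimately loaded images are file-backed and not writable, so this catches
    shellcode, reflectively loaded DLLs and hollowed/injected PE images."""
    exec_writable = r.protection in ("PAGE_EXECUTE_READWRITE", "PAGE_EXECUTE_WRITECOPY")
    return r.private and r.mapped_file is None and exec_writable


def memory_features(regions) -> dict:
    """Count suspicious regions overall, those carrying a PE header, and per process."""
    feats = Counter()
    for r in regions:
        if is_suspicious_region(r):
            feats["malfind.ninjections"] += 1
            if r.head.startswith(b"MZ"):  # a whole PE image in RWX private memory
                feats["malfind.pe_headers"] += 1
            feats[f"malfind.proc:{r.process}"] += 1
    return dict(feats)


def event_features(xml_records) -> dict:
    """Count watched (channel, EventID) pairs across exported Event XML records."""
    feats = Counter()
    for raw in xml_records:
        system = ET.fromstring(raw).find("e:System", EVT_NS)
        channel = system.findtext("e:Channel", namespaces=EVT_NS)
        event_id = int(system.findtext("e:EventID", namespaces=EVT_NS))
        name = WATCHED_EVENTS.get((channel, event_id))
        if name:
            feats[name] += 1
    return dict(feats)


def hybrid_verdict(regions, xml_records):
    """Merge both feature families and apply an illustrative weighted rule
    (placeholder for the trained classifier). Returns (verdict, score, features)."""
    mem, evt = memory_features(regions), event_features(xml_records)
    score = (2 * mem.get("malfind.ninjections", 0)
             + 3 * mem.get("malfind.pe_headers", 0)
             + 3 * evt.get("sysmon_create_remote_thread", 0)
             + 1 * evt.get("sysmon_process_access", 0)
             + 4 * evt.get("audit_log_cleared", 0)
             + 2 * evt.get("service_installed", 0))
    return ("malicious" if score >= 5 else "benign"), score, {**mem, **evt}


def _event(channel: str, event_id: int, computer: str = "WIN10-LAB") -> str:
    """Constructed Event XML record in the schema EVTX exporters produce."""
    return ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
            f"<System><EventID>{event_id}</EventID><Channel>{channel}</Channel>"
            f"<Computer>{computer}</Computer></System><EventData/></Event>")


# Constructed sample input: one hollowed svchost.exe plus a matching event trail.
SAMPLE_REGIONS = [
    Region(1234, "svchost.exe", 0x7FF6A0000000, "PAGE_EXECUTE_READ", False,
           r"C:\Windows\System32\svchost.exe", b"MZ\x90\x00"),      # legitimate image
    Region(1234, "svchost.exe", 0x1E0C0000, "PAGE_EXECUTE_READWRITE", True,
           None, b"MZ\x90\x00"),                                   # injected PE
    Region(2048, "explorer.exe", 0x10000000, "PAGE_READWRITE", True,
           None, b"\x00\x00\x00\x00"),                             # ordinary heap
]
SAMPLE_EVENTS = [
    _event("Security", 4688),                            # process created
    _event("Microsoft-Windows-Sysmon/Operational", 10),  # handle opened to target
    _event("Microsoft-Windows-Sysmon/Operational", 8),   # CreateRemoteThread into it
    _event("System", 7045),                              # persistence via new service
    _event("Security", 4624),                            # logon, not watched
]

if __name__ == "__main__":
    print(hybrid_verdict(SAMPLE_REGIONS, SAMPLE_EVENTS))
```

In a real pipeline the dict returned as the third element is the row that would be fed to the classifier; the memory half comes from a dump of the host, the event half from the exported EVTX of the same time window, and the per-process keys let an analyst see which process the injected region belongs to rather than only a global count.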
[1] Ahlegren F., "Local and Network Ransomware Detection Comparison," Bachelor Thesis, Blekinge Institute of Technology, 2019. http://www.diva-portal.org/smash/get/diva2:1333153/FULLTEXT02.pdf
[2] Ahmed W. and Aslam B., "A Comparison of Windows Physical Memory Acquisition Tools," in Proceedings of the IEEE Military Communications Conference, Tampa, pp. 1292-1297, 2015. https://ieeexplore.ieee.org/document/7357623
[3] Akbanov M., Vassilakis V., and Logothetis M., "Ransomware Detection and Mitigation Using Software-Defined Networking: The Case of WannaCry," Computers and Electrical Engineering, vol. 76, pp. 111-121, 2019. https://doi.org/10.1016/j.compeleceng.2019.03.012
[4] Amanowicz M. and Jankowski D., "Detection and Classification of Malicious Flows in Software-Defined Networks Using Data Mining Techniques," Sensors, vol. 21, no. 9, pp. 1-24, 2021. https://doi.org/10.3390/s21092972
[5] Baker K., CrowdStrike, 10 Malware Detection Techniques, https://www.crowdstrike.com/en-us/cybersecurity-101/malware/malware-detection/, Last Visited, 2025.
[6] Baker K., CrowdStrike, History of Ransomware, https://www.crowdstrike.com/cybersecurity-101/ransomware/history-of-ransomware, Last Visited, 2025.
[7] Beck C., Boumezoued A., Cherkaoui Y., Pradat E., and Fleisher B., "Modeling Financial Losses from a Ransomware Attack Using a Causal Approach," Milliman White Paper, 2023. https://www.milliman.com/en/insight/modeling-financial-losses-from-ransomware-attack
[8] Celdran A., Sanchez P., Castillo M., Bovet G., et al., "Intelligent and Behavioral-based Detection of Malware in IoT Spectrum Sensors," International Journal of Information Security, vol. 22, no. 3, pp. 541-561, 2023. https://doi.org/10.1007/s10207-022-00602-w
[9] Cyber5w, Windows Event Log Analysis, https://blog.cyber5w.com/eventlog-analysis, Last Visited, 2025.
[10] Damodaran A., Troia F., Visaggio C., Austin T., and Stamp M., "A Comparison of Static, Dynamic, and Hybrid Analysis for Malware Detection," Journal of Computer Virology and Hacking Techniques, vol. 13, pp. 1-12, 2017. https://doi.org/10.1007/s11416-015-0261-z
[11] GitHub, Process-Hollowing Executables, 2016, https://github.com/m0n0ph1/Process-Hollowing/tree/master/executables, Last Visited, 2025.
[12] Hossain M. and Islam M., "Enhanced Detection of Obfuscated Malware in Memory Dumps: A Machine Learning Approach for Advanced Cyber Security," Cybersecurity, vol. 7, pp. 1-23, 2024. https://doi.org/10.1186/s42400-024-00205-z
[13] JPCERT, Event Log Talks a Lot: Identifying Human-Operated Ransomware through Windows Event Logs, https://blogs.jpcert.or.jp/en/2024/09/windows.html, Last Visited, 2025.
[14] Kalinkin A., Golub S., Korkin I., and Pyatovskiy D., "Ransomware Detection Based on Machine Learning Models and Event Tracing for Windows," IT Security, vol. 29, no. 3, pp. 82-93, 2024. https://doi.org/10.26583/bit.2022.3.07
[15] Katara M., Kaggle, Windows Event Log Dataset, https://www.kaggle.com/datasets/mehulkatara/windows-event-log, Last Visited, 2025.
[16] Mahanta R. and Kumar R., "Utilizing Windows Event Logs for Malware Detection Using Machine Learning," IET Conference Proceedings, vol. 2024, no. 23, pp. 19-27, 2024. https://doi.org/10.1049/icp.2024.4396
[17] Maniriho P., Mahmood A., and Chowdhury M., "MeMalDet: A Memory Analysis-based Malware Detection Framework Using Deep Autoencoders and Stacked Ensemble Under Temporal Evaluations," Computers and Security, vol. 142, pp. 103864, 2024. https://doi.org/10.1016/j.cose.2024.103864
1110 The International Arab Journal of Information Technology, Vol. 22, No. 6, November 2025
[18] Mohamed K. and Azher M., "Malware Detection Techniques," in Proceedings of the 4th Novel Intelligent and Leading Emerging Sciences Conference, Giza, pp. 349-353, 2022. https://ieeexplore.ieee.org/abstract/document/9942395
[19] Moskovitch R., Feher C., Tzachar N., Berger E., et al., "Unknown Malcode Detection Using OPCODE Representation," in Proceedings of the European Conference on Intelligence and Security Informatics, Esbjerg, pp. 204-215, 2008.
[20] Nguyen P., Huy T., Tuan T., Trung P., and Long H., "Hybrid Feature Extraction and Integrated Deep Learning for Cloud-based Malware Detection," Computers and Security, vol. 150, pp. 104233, 2025. https://doi.org/10.1016/j.cose.2024.104233
[21] Pot J., Digital Trends, Windows 10 Leaps Ahead of 7 among Steam Gamers, 2016, https://www.digitaltrends.com/computing/steam-users-windows-10-market-share/, Last Visited, 2025.
[22] Reshma Sri T. and Kumar Yogi M., "An Investigative Study on Malware Signatures," Journal of Information Security System and Cyber Criminology Research, vol. 1, no. 2, pp. 20-29, 2024. https://matjournals.net/engineering/index.php/JoISSCCR/article/view/615
[23] Santangelo G., Colacino V., and Marchetti M., "Analysis, Prevention and Detection of Ransomware Attacks on Industrial Control Systems," in Proceedings of the International Symposium on Network Computing and Applications, Boston, pp. 1-5, 2021. https://ieeexplore.ieee.org/document/9685713
[24] Sbousseaden, GitHub, EVTX_ATTACK_SAMPLES, https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES, Last Visited, 2025.
[25] Shamshirsaz B., Asghari S., and Marvasti M., "An Improved Process Supervision and Control Method for Malware Detection," The International Arab Journal of Information Technology, vol. 19, no. 4, pp. 652-659, 2022. https://doi.org/10.34028/iajit/19/4/9
[26] Shaukat K., Luo S., and Varadharajan V., "A Novel Deep Learning-based Approach for Malware Detection," Engineering Applications of Artificial Intelligence, vol. 122, pp. 106030, 2023. https://doi.org/10.1016/j.engappai.2023.106030
[27] Singh P., Kaur S., Sharma S., Sharma G., et al., "Malware Detection Using Machine Learning," in Proceedings of the International Conference on Technological Advancements and Innovations, Tashkent, pp. 11-14, 2021. https://ieeexplore.ieee.org/abstract/document/9673465
[28] Sophos, Interesting Windows Event IDs - Malware/General Investigation, https://support.sophos.com/support/s/article/KBA-000006797?language=en_US, Last Visited, 2025.
[29] Subedi K., Budhathoki D., and Dasgupta D., "Forensic Analysis of Ransomware Families Using Static and Dynamic Analysis," in Proceedings of the Security and Privacy Workshops, San Francisco, pp. 180-185, 2018. https://ieeexplore.ieee.org/document/8424649
[30] Ucci D., Aniello L., and Baldoni R., "Survey of Machine Learning Techniques for Malware Analysis," Computers and Security, vol. 81, pp. 123-147, 2019. https://doi.org/10.1016/j.cose.2018.11.001
[31] UNB, Malware Memory Analysis CIC-MalMem-2022, https://www.unb.ca/cic/datasets/malmem-2022.html, Last Visited, 2025.
[32] Vehabovic A., Ghani N., Bou-Harb E., Crichigno J., and Yayimli A., "Ransomware Detection and Classification Strategies," in Proceedings of the IEEE International Black Sea Conference on Communications and Networking, Sofia, pp. 316-324, 2022. https://ieeexplore.ieee.org/document/9858296